An additional layer of protection, once reserved for banks and large
enterprises, is now available to protect your AWS account from unauthorized
use. This should be especially attractive to our enterprise-level
customers, but we expect customers of all types to value the additional security.

To activate this feature, you must first purchase an authentication device here. Once you have the device in hand, you can activate it for your AWS account using the AWS portal. From that point forward, you will need to provide your password and the authentication code from the device in order to log in.

The devices are small, lightweight, and long-lasting. Fraudulent usage becomes much more difficult because a successful login combines something you know (your email address and password) with something you have (the authentication device).

We are following the OATH reference architecture for time-based one-time passwords. In this model, the authentication device contains a very accurate clock. Once synchronized to your AWS account, the device displays a new set of pseudo-random digits every 30 seconds. The digit stream is based on the current time and the device's unique serial number.

Once you purchase an authentication device from one of our participating third-party vendors, use of MFA is free. Each device works with a single AWS account and each AWS account accommodates at most one device.

The AWS Management Console now has complete support for Amazon CloudWatch. You can enable CloudWatch for any or all of your EC2 instances using the console and data will be available in a moment or two. You can select one or more running EC2 instances to see the CloudWatch data in graphical form. You can observe CPU utilization, disk reads, disk writes, and network traffic (both in and out). If you select more than one EC2 instance, the console will automatically display aggregated values. You can also get a larger and more detailed view of the data.

Here are some pictures of the console in action:

Among other uses, you can use the new CloudWatch support to monitor and tune your Auto Scaling rules.

The new release of the AWS Management Console also centralizes a number of actions on EC2 instances in a new Instance Actions menu:

It is flexible, colorful, and informative and you can start to use it now!

As a frequent traveler, there's nothing more aggravating than a delayed flight. The team at FlightCaster has used AWS to build a powerful tool for travelers. FlightCaster uses the following sources of data to drive its predictions:

Inbound aircraft status

Departure aircraft status

Arrival airport status

Departure weather

Arrival weather

Official airline status (which presumably already reflects at least some of the factors above)

The predictions use a combination of the most current real-time data and up to ten years of historical data. FlightCaster currently makes predictions for flights within the United States. Interestingly enough, all of this data is public and freely available. You could build this application yourself if you were as smart as these guys.

For a given flight, FlightCaster will predict the chance of an on-time, slightly delayed (less than 60 minutes late) or very delayed (more than 60 minutes late) arrival, up to six hours ahead of the flight.

According to a short article in SD Times, the site and the applications were built in just four months on a budget of less than a million dollars. The developers used a number of advanced technologies including Hadoop, Clojure, and Cascading. Clojure is a dynamic scripting language with a LISP-like syntax, running on top of the Java Virtual Machine (JVM). Cascading is a very high-level workflow language. It runs on top of Hadoop. They used this technology to build a system which can do predictive AI, literally forecasting the future.

All of these leading edge technologies are clearly the wave of the future but of a future that's just a little bit scary to an old-timer like me! These new technologies aren't just simply new languages, with slightly cleaner and more powerful concepts than their predecessors. The transitions I made from FORTRAN to PL/I to C to C++ to Java to Perl to PHP were each pretty painless and almost everything I knew carried forth and was still usable as I moved from language to language (except for carriage control, but that's a different yet very interesting story). No, these new technologies embody entire new processing models and means of expression, and are brand new beasts entirely. If history has taught me anything, it is that these edgy things become mainstream in the blink of an eye and that you can be left behind before you know it!

We've extended the submission deadline for the AWS Start-Up Challenge to September 25th, 2009! A number of potential entrants in Europe asked for "just a little more time" and we're happy to oblige them.

As noted previously, entrepreneurs in the United States, United Kingdom, Germany, and Israel can enter to win $50,000 in cash, another $50,000 in AWS usage credits, mentoring from AWS experts, and a year's worth of AWS Gold support.

I'm looking forward to participating in the judging. I always enjoy studying each of the entries and really appreciate the diverse nature of the applications and the intensity and creativity of the applicants.

-- Jeff;

PS - I'm just one of several judges, so don't bother trying to bribe me with chocolate.

Amazon Virtual Private Cloud (Amazon VPC) lets you create your own logically isolated set of Amazon EC2 instances and connect it to your existing network using an IPsec VPN connection. This new offering lets you take advantage of the low cost and flexibility of AWS while leveraging the investment you have already made in your IT infrastructure.

This cool new service is now in a limited beta and you can apply for admission here.

Here’s all you need to do to get started:

Create a VPC. You define your VPC’s private IP address space, which can range from a /28 (16 IPs) up to a /18 (16,384 IPs). You can use any IPv4 address range, including Private Address Spaces identified in RFC 1918 and any other routable IP address block.

Partition your VPC’s IP address space into one or more subnets. Multiple subnets in a VPC are arranged in a star topology and enable you to create logically isolated collections of instances. You can create up to 20 Subnets per VPC (you can request more using this form). You can also use this form to request a VPC larger than a /18 or additional EC2 instances for use within your VPC.

Create a customer gateway to represent the device (typically a router or a software VPN appliance) anchoring the VPN connection from your network.

Create a VPN gateway to represent the AWS end of the VPN connection.

Attach the VPN gateway to your VPC.

Create a VPN connection between the VPN gateway and the customer gateway.

Launch EC2 instances within your VPC using an enhanced form of the Amazon EC2 RunInstances API call or the ec2-run-instances command to specify the VPC and the desired subnet.

Once you have done this, all Internet-bound traffic generated by your Amazon EC2 instances within your VPC routes across the VPN connection, where it wends its way through your outbound firewall and any other network security devices under your control before exiting from your network.

IP addresses are specified using CIDR notation, where the value after the slash represents the number of bits in the routing prefix for the address. You’re currently limited to one VPC per AWS account; however, if you have a use case requiring more, let us know and we’ll see what we can do.
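An address plan can be checked against the limits given in the steps above before any VPC objects are created. The following is an added example, not AWS tooling; the function name and the sample ranges are illustrative, and only the /28 to /18 size range and the 20-subnet limit come from this post.

```python
import ipaddress

MIN_PREFIX, MAX_PREFIX = 18, 28   # /18 (16,384 IPs) down to /28 (16 IPs)
MAX_SUBNETS = 20                  # default per-VPC subnet limit

def check_vpc_plan(vpc_cidr, subnet_cidrs):
    """Return a list of problems with the plan; an empty list means it passes."""
    try:
        # Strict parsing: a CIDR with host bits set (10.0.0.5/18) is rejected.
        vpc = ipaddress.IPv4Network(vpc_cidr)
    except ValueError as exc:
        return [f"VPC {vpc_cidr}: {exc}"]

    problems = []
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(
            f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if len(subnet_cidrs) > MAX_SUBNETS:
        problems.append(
            f"{len(subnet_cidrs)} subnets exceeds the limit of {MAX_SUBNETS}")

    accepted = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.IPv4Network(cidr)
        except ValueError as exc:
            problems.append(f"subnet {cidr}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} is outside VPC {vpc}")
        # Subnets are meant to isolate groups of instances, so overlap is an error.
        for other in accepted:
            if net.overlaps(other):
                problems.append(f"subnet {net} overlaps {other}")
        accepted.append(net)
    return problems
```

Running the same check against the ranges already routed on the corporate side of the VPN is a natural extension, since the instances join that network without NAT.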

Because the VPC subnets are used to isolate logically distinct functionality, we’ve chosen not to immediately support Amazon EC2 security groups. You can launch your own AMIs and most public AMIs, including Microsoft Windows AMIs. You can’t launch Amazon DevPay AMIs just yet, though.

The Amazon EC2 instances are on your network. They can access or be accessed by other systems on the network as if they were local. As far as you are concerned, the EC2 instances are additional local network resources -- there is no NAT translation. EC2 instances within a VPC do not currently have Internet-facing IP addresses.

We’ve confirmed that a variety of Cisco and Juniper hardware/software VPN configurations are compatible; devices meeting our requirements as outlined in the box at right should be compatible too. We also plan to support Software VPNs in the near future. If you want us to consider explicitly validating a device not on this list, please add your request to the Customer Gateway support thread located here.

Amazon VPC functionality is accessible via the EC2 API and command-line tools. The ec2-create-vpc command creates a VPC and the ec2-describe-vpcs command lists your collection of VPCs. There are commands to create subnets, customer gateways, VPN gateways, and VPN connections. Once all of the requisite objects have been created, the ec2-attach-vpn-gateway command connects your VPC to your network and allows traffic to flow. While most organizations will likely leave the VPN connection (and VPC) up and running indefinitely, you can drop the connection, terminate the instances, and even delete the VPC if you would like.

You only pay for what you use. Pricing is on a pay-as-you-go basis. VPCs, subnets, customer gateways, and VPN gateways are free to create and to use. You simply pay an hourly charge for each VPN connection you create, and for the data transferred through those VPN connections. EC2 instances within your VPC are priced at the normal On-Demand rate. We’ll honor the hourly rate for any Reserved Instances that you have but during the beta we cannot guarantee that Reserved Instances will always be available for deployment within your VPC.

Imagine the many ways that you can now combine your existing on-premise static resources with dynamic resources from the Amazon VPC. You can expand your corporate network on a permanent or temporary basis. You can get resources for short-term experiments and then leave the instances running if the experiment succeeds. You can establish instances for use as part of a DR (Disaster Recovery) effort. You can even test new applications, systems, and middleware components without disturbing your existing versions.

As is the case with many of our betas, this one is launching in a single Availability Zone in the US-East region. You can use Amazon CloudWatch to monitor your instances, but you can’t use Elastic IP addresses, Auto Scaling or Elastic Load Balancing just yet.

Recall that all traffic from your instances routes through the VPN connection. For now, this includes traffic to other Amazon Web Services such as EC2 instances outside of your Amazon VPC, Amazon S3, Amazon SQS, and Amazon SimpleDB. You can create Elastic Block Store (EBS) volumes and attach them to your instances. EBS volumes created within your cloud can be moved to standard EC2 instances and vice-versa.

I do want to mention a few of the things on our road map as well. First, we're planning to let you directly reach the Internet from your VPC. In early discussions with potential users, we learned that most of them wanted to completely isolate their EC2 instances, routing all of the traffic back to their data center, so we gave this feature the highest priority. Later on, we'll let you decide if and how you want to expose your VPC to the Internet. Second, we're planning to let you specify the IP address of individual Amazon EC2 instances within a subnet. During this beta, Amazon EC2 instances are automatically assigned a random IP from the subnet's designated IP address range. Third, we're evaluating ways to allow you to filter traffic per subnet, kind of like how you might implement router ACLs. We're already working on these items and on other additions to the core functionality we're releasing today. If you have opinions on these items, or anything else you'd like to see in the service, e-mail us or post to the forum. This service is for you; we really need your feedback!

We think you can put Amazon VPC to immediate use and can’t wait to hear about new and imaginative use cases for it. Please feel free to leave a comment on this blog or to send us some email.

Twilio is an AWS-powered platform for telephony applications. You can use their APIs to build voice-based applications to interact with phones, phone calls, and callers.

They've been running a developer contest each week. The developer of the winning entry is awarded a netbook. Previous contests have asked developers to focus on interactive advertising, PHP applications, Twilio's REST library, lead generation, fun and games, and so forth.

This week we've sweetened the prize, with $250 of AWS credits for the winner!

It's easy to think of the Amazon Cloud as a robust virtual data center, and with good reason. However, more and more applications are available that provide business-level functionality.

So I'd like to invite you to attend a Webinar on IBM Lotus Forms Turbo.

The Webinar will be on Monday, August 24th, and will show you how to automate ad-hoc, forms-based processes like surveys, approvals, notifications, feedback, and requests. The software provides an intuitive, out-of-the-box eForms solution that requires no IT involvement (and is therefore truly a business-level application).

Our customers are putting the Amazon EC2 Reserved Instances to use in many different ways. Here are some of the usage patterns that they've told us about:

Steady State Usage - These customers have applications which require a fixed number of servers to be available at all times. Reserved Instances are advantageous for customers who are currently using their own hardware or who are using On-Demand instances full-time.

Low to Medium Annual Utilization - These customers have applications which run less than 100% of the time. The breakeven point can be calculated based on anticipated instance usage at the effective hourly rate. Reserved Instances offer a cost savings over On-Demand instances even at relatively low utilization rates.

Variable Usage - These customers have applications with unpredictable or fluctuating usage patterns. They can use a combination of Reserved and On-Demand instances to minimize their net costs. This is especially valuable when EC2 instances are frequently launched and then terminated—we minimize costs by always charging the lowest applicable price for each instance.

Standby Capacity - These customers use Reserved Instances as a reliable source of standby capacity with availability at a moment's notice. The Reserved Instances are an integral part of their disaster recovery plan.

Given the many ways that our customers have already put them to use, I am happy to tell you that we've lowered the prices for newly purchased Amazon EC2 Reserved Instances! On a three year term, you can now get an m1.small instance for an effective hourly rate of just $0.043 per hour (4.3 cents). The new pricing is now in effect.

Here are the new US prices (the instance prices for the EU have also been reduced):

After creating a free account at www.cloudfoundry.com, you can design and configure complex systems, intelligently provision complete Java stacks, while making use of SLA-driven resource allocation and benefiting from automated infrastructure repair.

You can upload one or more WAR (Java web application) files to Cloud Foundry for each of your applications. Then you can configure your AWS, JVM, and database options and launch your application on one or more EC2 instances. Cloud Foundry lets you configure single and multiple instance application and database servers, including MySQL masters and slaves in any EC2 region, on any EC2 instance type.

Once the application has been deployed you have a number of options for monitoring and management, including automatic repair of terminated or unresponsive instances, automatic scaling (with configurable limits), and more.

Here are some screen shots that I took during a pre-launch briefing earlier this week:

This is a pretty cool product. It will definitely help developers to get their Enterprise Java applications up and running on AWS more quickly and more easily!